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METHODS AND APPARATUS FOR A WEB APPLICATION PROCESSING 



SYSTEM 



The present application claims priority to the U.S. provisional patent application 
identified by Serial No. 60/156,872 filed on September 30, 1999, the disclosure of which 
5 is incorporated by reference herein. 

Field of the Invention 

The present invention relates generally to the field of software systems that 
manage the life-cycle of software apphcations, e.g., installation, configuration, resource 
management, security management, execution, and de-installation, and, more particularly, 
10 to methods and apparatus for processing of web applications that are written in the form 
of web pages which can be downloaded through the Internet using web communication 
protocols, installed in local computers, and executed utiUzing web components, such as a 
web browser and JavaScript interpreter, in the local computers. 

Background of the Invention 

15 The recent explosion of the popularity of the World Wide Web ("Web" for short, 

and hereinafter referred to in the lower case as "web" in the context of an adjective or 
adverb, e.g., web pages) has made the Internet one of the most important media for mass 
communication. The Web is used for many applications such as information retrieval, 
personal communication, and electronic commerce and has been rapidly adopted by a fast 

20 growing number of Intemet users in a large part of the world. 

Using the Web, users can access remote information by receiving web pages 
through the Hypertext Transfer Protocol (HTTP). The information in a web page is 
described using the Hypertext Markup Language (HTML) and extensive Markup 
Language (XML), and is displayed by software called web browser. Web pages of earher 

25 design are considered static because they do not include any logic that can dynamically 
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change their appearances or provide computations based on user input. Subsequently, the 
Java™ (Sun Microsystems) programming language was incorporated in web pages in the 
form of applets. An applet is a small Java program that can be sent along with a web 
page to a user. Java applets can perform interactive animation, immediate calculations, or 
5 other simple tasks without having to send a user request back to the server, thereby 

providing the dynamic logic in web pages. 

Java is an object-oriented programming language which can be used for creating 
stand-alone applications. Writing Java programs typically requires different and more 
extensive skills and training than composing web pages. The learning curve for writing 

10 Java programs is typically longer than that for writing web pages. Not all web page 
authors therefore are expert Java programmers. 

Recently, to make it easier to embed logic in web pages, an easy-to-write script 
language called JavaScript has been supported by popular web browsers to be 
incorporated into web pages. JavaScript, capable of embedding logic for computation 

15 based on user input, brings dynamic and powerful capabilities to web pages. JavaScript, 

unlike Java which is a full-fledged programming language, has a simpler syntax and is 
much easier to learn. Because of this easy-to-write feature, JavaScript has currently 
become a popular way to embed logic in web pages by many web page authors. 

Although JavaScript brings easy-to-write logic to web pages, it is limited to 

20 browser functions and works with HTML elements only. It can only be used to create 
simple applications under the contexts of the browser, such as changing the web page's 
visual presentation dynamically and computing user input quickly without sending a user 
request back to the server (for such computation). Thus, web pages with JavaScript logic 
cannot be used to create stand-alone applications that require access to a full range of 

25 resources on the user's computer such as the file system management and the display area 

beyond the browser's window. In general, web pages carmot be processed in 
non-browser contexts. 
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At the present, stand-alone applications are typically written in traditional 
programming languages (also called 3GL for 3rd Generation Languages) such as C, C++, 
and Java, or Fourth Generation Languages (4GL) such as Visual Basic. Through these 
languages, stand-alone applications interact directly with operating systems through 
5 operating system APIs (application programming interfaces) or indirectly with library 

functions which may in turn call these operating system APIs. The capability of 
accessing the operating system APIs gives an application the control of computing 
resources in a computer. 

If web pages had embedded logic that could access a whole range of computing 

10 resources enabled by these operating system APIs, they could then be used to develop 

stand-alone apphcations just like any of the aforementioned 3GL and 4GL languages. 
Using web pages to develop stand-alone applications would have many advantages. 
First, web page authors who do not possess the skill and experience in writing 3GL/4GL 
applications could develop stand-alone applications using the web page technology they 

1 5 profess. 

Secondly, the web technology components that can process the visual presentation 
language (e.g., HTML), the data modeling language (e.g., XML), and the communication 
protocol (e.g., HTTP) are available in most computers, which can connect to the Internet 
through the Web. This would provide an advantage in that using web pages to develop 

20 applications, a developer could very efficiently integrate these components. This is 

because, whereas 3GL/4GL applications can integrate these components 
programmatically, web pages could integrate them declaratively through languages such 
as HTML and XML. In general, the shorter learning curve and development time of web 
pages, as compared with 3GL/4GL programs, would result in a shorter time and lower 

25 cost in the development of software applications. The present invention addresses this 

issue by providing methods and apparatus in a software system that manage the life-cycle 
of software applications, which are composed of web pages that are not limited to the 
browser contexts and that have access to the full range of operating system resources. 



YOR9-1999-0457-US1 



3 



Another issue of the processing of computer software addressed by the present 
invention is the software installation process. Typically, the installation of a software 
application is achieved by a special-purpose program which comes with this software and 
is written only for the purpose of installing this software. This is evident in the existence 
5 of a "setup.exe" or "install.exe" program in almost all software packages for PCs 

(personal computers). This method of software installation means that developers for 
each software application have to write a specific install program just to install their 
software. 

In general, an install program for an application needs to configure a list of 

10 settings that are used to establish a proper environment or context for this application 

before it can be properly installed. These settings may include, for example, the basic 
operating system setup such as the registry entries, location setup such as the directory or 
folder in which the application is to be stored, link setup such as the short-cut link to this 
application, the graphic setup such as the icon of this application, and the dependency 

1 5 setup such as other applications that this application depends on for execution. 

To properly setup each setting, e.g., one of the aforementioned settings, the install 
program typically takes the determined value of this setting and processes an action 
specific to this setting. For example, the registry entry setup action may be to add the 
determined registry entry values to the proper registry files, whereas the dependency 

20 setup action may be to investigate if all apphcations that the application to be installed 

depends on are already installed and, if not, to display an error message. Typically, the 
value of a setting is either determined by user input during the installation process, such 
as the directory where the application is to be stored, or predetermined by the install 
program, such as the list of applications that its application depends on. 

25 In general, an install program first configures each setting by determining its 

value (by user input or pre-configuration) and then invokes the setup action for this 
setting. Because applications may have a different set of pre-configured setting values, 
each application requires a unique install program. Furthermore, if a new version of an 
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application changes the value of one of its install settings, such as a new icon, the install 
program for this application has to be rewritten to incorporate this new value. 

It would be advantageous to the application developers if they did not need to 
write a new install program for each new version of an application they develop. Instead, 

5 it would be desirable, for each version of an apphcation, to construct a list of install 

settings with pre-configured values for this application using a data modeling language 
such as XML, which could be provided together with this application for installation. 
This way, a standardized install program would then be deployed by the user's computer 
to decode the install settings and values and conduct proper installation for this 

10 application based on these values. This standardized install program could then be used 

to install all applications whose install settings and values are modeled by a language 
understood by this install program. With many apphcations installed using a 
standardized install program, the users would also have a consistent experience in the 
installation process for all these applications. 

15 The present invention addresses this issue by providing methods and apparatus of 

software installation in which a standardized install manager exists in a computer system 
to perform the installation process for all software apphcations whose install settings and 
values are modeled by a language understood by this install program. 

Yet another issue of today's computer software addressed by the present invention 

20 is the security management of software applications. Traditional stand-alone apphcations 

based on programming languages such as C and C++ typically have access to all the 
operating system resources through the calling of operating system APIs. In this case, the 
security context, i.e., the limit of system resource access, for these applications is the 
entire system. Based on this security context, it is possible that an application can, 

25 inadvertently or maliciously, damage not only its own data but those of other apphcations 

that share the same computer system. 

In a virtual machine environment, such as the Java Virtual Machine, the security 
context of an application (such a Java program) is defined by the virtual machine. A 
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misbehaving application thus can only create external damage allowable by the virtual 
machine. However, there can be many different types of appUcations running on the 
same virtual machine and while each one of them may have a different security need, 
they are forced to run under the same security context (that defined by the virtual 
5 machine). 

It would be advantageous if each application had its own security context that is 
predetermined by the system management policy. Thus, based on its level of security 
risk, an apphcation could be associated with a security context which regulates the system 
resources to which this application can or cannot access. This way, a misbehaving 
10 program in an application with a restrictive security context would cause minimum 

damage to the system as a whole. The present invention addresses this issue by providing 
methods and apparatus of a computer system in which each application has its own 
security context. 

Yet another issue of today's computer software addressed by the present invention 
15 is the web cache system for software applications. Web caching is traditionally 

performed by the web browsers and web proxies whose primary tasks include 
transmitting web objects over the network. Web pages in the context of a web browser 
contain hyperlinks to web objects through textual or graphic anchors. The user requests a 
web object from a web page when this page is displayed by the web browser and the user 
20 selects, through the mouse or other pointing mechanism, the anchor of this object. 

When a web object is requested through a web browser with the web caching 
feature, the web browser first checks to see if the object exists in its cache. If so, this 
object in the browser's cache is returned to the request web page. If the object does not 
exist in the browser's cache, the browser uses the Uniform Resource Locator (URL) of 
25 this object to locate its location in the Internet and retrieves it through a data transfer 

protocol such as HTTP. When the browser receives this object, it typically displays this 
object while storing a copy in its cache. 
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Applications accessing web objects could be composed using web pages. 
However, if web pages are processed in the context of the browser, the web objects 
requested by them in a client computer can only be cached by the browser in the 
computer. In other word, in a client computer, web page based applications under the 
5 browser contexts use only the browser's cache for web caching. 

Different web applications however may access web objects with different 
characteristics. For example, one web apphcation may access web objects that rarely 
change over time whereas another may access web objects that change highly frequently. 
It would be advantageous to deploy a sizable space to cache static web objects for the 
10 first application while little or no space for the second because any cached objects will be 

outdated immediately. In general, it would be advantageous that each apphcation has its 
own web cache. 

Furthermore, traditional web caching by browsers only cache web objects of 
certain types that are defined in HTTP. Some appUcations may need to retrieve objects 
15 from the Web with types not defined in HTTP. Examples of object types not defined by 

HTTP may include executable files, spreadsheet files, and documents with proprietary 
structures. Caching these non-HTTP-defined objects could provide a performance 
advantage to applications that retrieve objects of these types through the Web. 

The present invention addresses the issue of web caching for applications by 
20 providing methods and apparatus to provide each web apphcation a separate cache for 

both the HTTP-defined and non-HTTP-defmed objects fi^om the Web. 

Summary of the Invention 

In accordance with the aforementioned needs, the present invention is directed to 
25 a system in which applications are written as web pages that have access to the full range 

of operating system resources, including those not accessible through the web browser. 
The applications described in the present invention are called web applications. In a 
preferred embodiment of the present invention, three types of languages used for 
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constructing web pages are used for building web applications. They are: (1) a visual 
presentation language; (2) a data modeling language; and (3) a scripting language for 
embedding logic. Those skilled in the art will appreciate that currently the three most 
commonly used languages in web pages are HTML for visual presentation, XML for data 

5 modeling, and JavaScript for scripting. 

According to the present invention, a software system is provided to allow a 
computer to install and process web appHcations. This system preferably comprises a 
web application manager, an operating system interface module, a scripting language 
interpreter, and optionally a web browser and/or a data modehng language processor. 

10 The web application manager manages the life-cycle for appUcations, which may include 

the installation, execution, de-installation of these appUcations, as well as the security 
control and web caching for these applications. The script language interpreter (such as 
the JavaScript interpreter) parses and interprets the scripting language embedded in the 
web pages. The operating system interface module is used to convert the scripting 

15 language calls that request access to system resources into appropriate native operating 

system APIs. The web browser can be used to display the content of web applications 
and transfer data based on the data transfer protocol deployed by the browser (such as 
HTTP). The data modeling language processor (such as the XML parser) decodes the 
contents in the web applications that are written in the data modeling language (such as 

20 XML). 

According to one feature of the present invention, the scripting language used in 
Web pages that are typically restricted to the web browser functions can be extended to 
include function calls that access system resources normally beyond the limit of browser 
functions. Those skilled in the art will appreciate that screen display outside of the 
25 browser window and general file system management are two examples of the types of 

system resources beyond browser's control. 

According to yet another feature of the present invention, the operating system 
interface module can accept an extended scripting language function call that access 
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operating system resources beyond the browser contexts and, based on the type of this 
function call, execute code that includes calls to the native operating system APIs. 

According to yet another feature of the present invention, the Web application 
manager can manage installation for all web applications by invoking its install manager 
5 module. To install a web application, the install manager first obtains a copy of this 

application and the install document associated with this application. In a preferred 
embodiment of the present invention, the install manager can obtain the application and 
its install document by a network download process through the Web or other data 
transfer protocols. The install document for a web application contains a set of install 
10 settings and their values, which are modeled in language understood by the install 

manager. The install document for a web application can be written by the creator of this 
application. When installing this application, the install manager decodes the settings and 
their values in the install document of this application, and configures each setting based 
on its value accordingly. 

15 According to yet another feature the present invention, the web application 

manager can conduct security control for a web appUcation based on the security context 
of this application. According to the present invention, the security context of a web 
application is the limits of access to the operating system resources this apphcation is 
restricted to. The security context of an apphcation can be modeled with a hst of security 

20 settings for this application. Each security setting regulates the behavior of its host 

application in terms of a specific security feature. In a preferred embodiment of the 
present invention, the security context of a web application can be pre-configured by the 
creator or supplier of this apphcation, and obtained by the user together with its 
application when this application is downloaded for installation. In this preferred 

25 embodiment, the security context of a web application can also be modified by the 

administrator of a software system in which this application is deployed. According to 
the present invention, when a web application is being executed, the web application 
manager can check each setting in the security context of this application to ensure that 
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no security rules, based on the settings configured in the security context of this 
appUcation, are violated at any time while this application is running. 

According to yet another feature of the present invention, the web application 
manager can create a web cache for each application it installs. The cacheable web 
5 objects include both the HTTP-defined objects and non-HTTP-defined ones. In a 

preferred embodiment of the present invention, the two types of web objects can be 
stored in two different pools of the same cache for an apphcation. The settings of the 
cache for an application can be pre-configured and obtained together with this application 
by a chent computer. They can also be modified by the administrator of the system in 

10 which their application is installed. 

According to yet another feature of the present invention, the scripting language 
used in web pages that are typically restricted to the web browser functions can be 
extended to include function calls that manage the web cache for each application. Those 
skilled in the art will appreciate that typical cache APIs may include the search, insertion, 

15 and deletion of an object, as well as the reset of the whole cache. 

According to yet another feature of the present invention, when the web 
application manager executes an extended cache management API for a Web application, 
it checks the cache settings for this application and may take proper cache management 
action to ensure that these cache settings are not violated. 

20 These and other objects, features and advantages of the present invention will 

become apparent fi:om the following detailed description of illustrative embodiments 
thereof, which is to be read in connection with the accompanying drawings. 

Brief Description of the Drawings 

FIG. 1 is an example of an architecture of a server or a cUent of the present 
25 invention; 

FIG. 2 is an example of an architecture of a web apphcation of the present 
invention; 
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FIG. 3 is an example of an architecture of a web application process system of 
the present invention; 

FIG. 4 is an example of a web application manager process of the present 
invention; 

5 FIG. 5 is an example of a visual presentation process of the present invention; 

FIG. 6 is an example of a data model process of the present invention; 
FIG, 7 is an example of a script process of the present invention; 
FIG. 8 is an example of an operating system interface process of the present 
invention; 

10 FIG. 9 is an example of an install document of the present invention; 

FIG. 10 is an example of an architecture of a system deploying the install manager 
of the present invention; 

FIG. 1 1 is an example of a process of obtaining or updating an install document of 
the present invention; 

1 5 FIG. 12 is an example of a dependency install process of the present invention; 

FIG. 13 is an example of a security context for traditional appHcations; 
FIG. 14 is an example of a security context for virtual machine based apphcations; 
FIG. 15 is an example of a security context for applications managed by a system 
of the present invention; 
20 FIG. 16 is an example of a secxuity manager process of the present invention; 

FIG. 17 is an example of an architecture of a web caching system of traditional 
web applications; 

FIG. 18 is an example of the architecture of a web caching system for web 
applications of the present invention; 
25 FIG. 19 is an example of a web caching management process utiUzing a web 

browser caching mechanism of the present invention; 

FIG. 20 is an example of a web caching management process for web applications 
of the present invention to manage their own caches; 
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Detailed Description of Preferred Embodiments 

Referring initially to FIG. 1, an example is shown of a computing device that is 
capable of implementing the features of the present invention. This computing device 
can be, for example, a PC (personal computer), a workstation, or a mainframe, and may 

5 typically include elements such as: one or more processors, e.g., CPUs (central 

processing units) 101; input and output devices 103 such as a keyboard, a mouse and a 
screen monitor; main memory 104 such as RAM (random access memory); and storage 
memory 102 such as disks. These elements are interconnected through a bus 105 on 
which information can travel. As is known, the main memory 104 stores code being 

10 executed by the CPU and the storage memory 102 serves as the permanent storage for the 

systems (such as the operating system), the applications (such as the software system of 
the present invention), as well as the data. 

More generally, it is to be appreciated that the term "processor" as used herein is 
intended to include any processing device such as, for example, one that includes a CPU 

15 (as illustrated in FIG. 1) and/or other processing circuitry. The term "memory" as used 

herein is more generally intended to include memory associated with a processor or CPU, 
such as, for example, RAM (as illustrated in FIG. 1), ROM, a fixed memory device such 
as a hard disk (as illustrated in FIG. 1), a removable memory device (e.g., diskette), flash 
memory, etc. In addition, the term "input and output devices" as used herein is more 

20 generally intended to include any computer-based input and output devices, for example, 

one or more input devices, e.g., keyboard and mouse (as illustrated in FIG. 1), for 
entering data to the processing unit, and/or one or more output devices, e.g., display 
monitor (as illustrated in FIG. 1) and/or printer, for presenting results associated with the 
processing unit. It is also to be understood that the term "processor" may refer to more 

25 than one processing device and that various elements associated with a processing device 

may be shared by other processing devices. Accordingly, software components including 
instructions or code for performing the methodologies of the invention, as described 
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herein, may be stored in one or more of the associated memory devices (e.g., ROM, fixed 
or removable memory) and, when ready to be utihzed, loaded in part or in whole (e.g., 
into RAM) and executed by a CPU, 

Referring now to FIG. 2, an example is shown of a web application of the present 

5 invention. As shown, a web application 201 comprises one or more web pages 202. In a 

preferred embodiment of the present invention, each web page 202 of a web application 
201 contains text composed in any combinations of three types of languages: a visual 
presentation language 203, a script language 204 and a data modeling language 205. 

The visual presentation language is used to provide a graphic user interface (GUI) 

10 on the browser window. It can be used to visually present the text or linked objects (such 

as a voice or a graphic file), to receive user input, and transfer data to and from a remote 
host through web browser. Those skilled in the art will appreciate that currently the most 
commonly used visual presentation language for browsers is HTML and the data transfer 
protocol used by browsers is HTTP. 

15 The script interpreter is used to parse and interpret the text of the web page that is 

written in a script language. Those skilled in the art will appreciate that currently the 
most commonly used script language in web pages is JavaScript. Script in a web page 
provides a way to embed logic that creates dynamic visual displays or conducts 
immediate computations when its web page is processed. Traditional script language 

20 used in web pages is limited to the browser functions and HTML elements. According to 

a feature of the present invention, the script language used in a web application of the 
present invention can be extended to contain function calls that have access to a full range 
of operating system resources, including those beyond the browser contexts (details 
depicted in FIGs. 4 and 8). 

25 The data modeling language is used to describe certain data in web applications 

such that their structures and definitions of data elements inside them can be easily 
appUed by other applications that understand the same language and uses the same 
definitions for data elements. This way no specialized code is needed to decode data 
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received from other applications. Those skilled in the art will appreciated that currently 
the most common language used for data modeling on the Web is XML, 

FIG. 3 depicts an overall software system architecture of a preferred embodiment 
of the present invention. In this embodiment, the software system having the features of 
5 the present invention comprises five software components. They are the web application 
manager 302, the web browser 303, the operating system interface module 304, the script 
interpreter 305 and the data modehng language parser 306. As depicted in FIG. 3, the 
four modules 303 through 306 can directly access operating system 307 resources by 
calling the operating system APIs (depicted as the four links between block 307 and the 

10 four modules 303 through 306, respectively). The web apphcation manager 302 is the 

top-level module that executes web applications by driving the other four modules. It 
does so by taking a web application 301 as input and executes the various language codes 
in this application's web pages and invokes the other four modules (303 through 306). 
FIG. 4 provides a more detailed depiction of the process of the web application manager. 

15 Those skilled in the art will appreciate that there are a number of ways for one 

software module to drive other software modules. For example, in an object-oriented 
approach, with all modules modeled as classes, a driving class can create an instance of a 
driven class and calls the methods associated with this driven class to invoke the behavior 
of the former. In a non-object-oriented approach, the driven modules can be invoked by 

20 the driving module through the API functions provided by the former. 

Referring now to FIG, 4, the process of the web apphcation manager is shown. 
As depicted in FIG. 4, the web application manager executes a web application by first 
reading the language code in the web pages of this application (step 401), and does not 
terminate (block 403) until all code has been processed (step 402). For each unit of code 

25 read, the web application manager determines the language type of this code (step 404). 

If the language type of this code is visual presentation language, the web 
application invokes the visual presentation process (step 405) that takes this code as 
input. If the language type of this code is the data modeling language, the web 
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application manager invokes the data modeling process (step 406) that takes this code as 
the input. If the language type is the script language, the web apphcation manager 
invokes the script process (step 407) that takes this code as input. 

When the visual presentation process (step 405) and the data modeUng process 

5 (step 406) terminate, they return control back to the web apphcation manager and indicate 

to the latter if an exception has occurred (step 410). If so, the web application manager 
invokes the exception handling process (step 411) and then terminates this execution 
(block 403). If no exception occurs, the web application manager goes on to read the 
next code unit (step 401). 

10 When the script process (step 407) terminates and returns control back to the web 

application manager, it returns information about the script code it just processed in terms 
of whether this script code belongs to the original script language under the browser 
contexts; or it is extended code based on the features of the present invention to have 
access to a full range of operating system APIs (step 408). If this script code is part of the 

15 original web page script language, it had already been parsed, decoded, and executed by 

the script interpreter (module 305 in FIG. 3) in the script process (step 407). In this case, 
in this embodiment exemplified in FIG. 4, the web application goes on to check if an 
exception has occurred (step 410). If this script code is an extended call, then it has been 
parsed, decoded, but not executed by the script interpreter (module 305 in FIG. 3) in the 

20 script process (step 407). Instead, the decoded information of this script code is passed to 

the operating system interface process (step 409) for execution. When the operating 
system interface process (step 409) completes the execution for this script, it returns 
control back to the web application manager which then checks for an exception (step 
410) and processes the exception handling process (step 411) if an exception has 

25 occurred, or, if not, goes on to read the next code unit (step 401). The details of the 

visual presentation process (step 405), the data modehng process (step 406), the script 
process (step 407) and the operating system interface process (step 408) are explained 
below in the context of FIGs. 5, 6, 7 and 8, respectively. 
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FIG. 5 is a detailed depiction of the visual presentation process (step 405 in FIG. 
4). As depicted in FIG. 5, the visual presentation process takes, as input, visual 
presentation code and checks to see if this code incurs any violations against the system 
policy as manifested by security and cache settings of the web application currently being 

5 executed (step 501). For example, one security setting for an appUcation may regulate 

that it can only link to a fixed extemal URL (uniform resource locator). If in the visual 
presentation process of an HTML code of this apphcation, a link different from that in the 
aforementioned setting exists, then this Hnk causes a violation. 

If a violation occurs (step 502), the visual presentation process generates an 

10 exception (step 503) and then returns this exception to the web apphcation management 
process (step 505) depicted in FIG. 4. Those skilled in the art can appreciate that 
exceptions can be implemented in various ways, including for example using error codes 
and using objects of the object-oriented model to represent exceptions. If the input visual 
presentation code causes no violations, the visual presentation process passes this code to 

1 5 the web browser module for execution (step 504). 

The web browser module (303 in FIG. 3) can be the web browser software 
available in most computers in the world. The most popular web browsers are 
Netscape™ and Microsoft's Internet Explorer™. These two web browsers serve as client 
programs that use the HTTP to make requests of web servers throughout the Internet on 

20 behalf of the browser user. They also provide a graphic user interface to display the 

retrieved web objects and to interact with the user by accepting user input. Those skilled 
in the art can appreciated that these two browser software packages can be incorporated 
by a software system using various methods, including for example linking and invoking 
APIs calls they provide or incorporating their source code for compilation. In a preferred 

25 embodiment of the present invention, the web apphcation manager incorporates web 

browser software and drives it based on the processes depicted in FIGs. 3 and 4. 

FIG. 6 is a detailed depiction of the data modeling process (step 406 in FIG. 4). 
As depicted in FIG. 6, the data modeling process takes, as input, data modeling code (step 
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601) and rans the data modeling module (306 in FIG. 3) to decode the data types and 
values encoded in the input data modeling code (step 602). After the data modeUng 
module is completed, the data modeling process returns control back to the web 
application manager (step 603). Those skilled in the art will appreciate that currently the 

5 most commonly used data modeling language for web data is XML. The data modeling 

module processing (step 602) in this embodiment of FIG. 6 may therefore correspond to 
an XML parser. Similar to the web browser software, various versions of XML parser 
software are available to be incorporated by a software system using the aforementioned 
methods in incorporating the web browser software. 

10 FIG. 7 is a detailed depiction of the script process (step 407 in FIG. 4). As 

depicted in FIG. 7, the script process takes a script code as input, then parses and 
interprets this code (701). If the code is a function call, the script process checks to see if 
this function is a standard function that is under the web browser contexts or an extended 
ftmction created based on the features of the present invention to access the operating 

15 system resources beyond the browser contexts (step 702). If the ftmction being 

interpreted is a standard function, the script process executes it (step 703). If it is an 
extended function, without executing it, the script process checks to see if this function 
call would cause any violations against any management policies (step 704). 

In a preferred embodiment of the present invention, an extended ftmction can 

20 cause a management policy violation by requesting operating system resources that are 
configured by the system management to be beyond the access of the underlying web 
apphcation. For example, the administrator of a software system having the features of 
the present invention can set a limit of disk storage quota for a specific application. 
During an execution of this application, if an extended script function call requests to 

25 allocate disk space that exceeds the disk quota for this application, this call then causes a 

management policy violation. 



YOR9-1999-0457-US1 



17 



As depicted in FIG. 7, if a violation occurs (step 705), the script process generates 
an exception for this violation (step 706). Next, the script process terminates and returns 
control back to the web apphcation manager (step 707). 

Those skilled in the art will appreciated that currently the most commonly used 

5 scripting language for web pages is JavaScript. The parsing and interpreting process 

(step 701) and the executing step (step 703) in the script processing of this preferred 
embodiment of FIG. 7 may therefore correspond to the parsing, interpreting and 
executing processes of the JavaScript software. Similar to the web browser software, the 
JavaScript software can be incorporated by a software system using the aforementioned 

10 methods in incorporatmg the web browser software, and modified such that when an 

extended function call is parsed and interpreted, instead of attempting to execute this call, 
it returns and gives the information about this call to the web application manager, which 
then uses the information about this call as input and calls the operating system interface 
process (step 409 in FIG. 4) to execute it. 

15 Referring now to FIG. 8, the operating system interface process (step 409 in FIG. 

4) that is called by the web application manager to execute an extended script call is 
shown. As depicted in FIG. 8, the operating system interface process takes an input 
which is information of an extended script function call (step 801) and, for each extended 
script call, it executes a regular code that was written with the native operating system 

20 APIs to perform the task of its associated script call (step 802). After the processing of 
the native operating system APIs for executing the script fimction call, the operating 
system interface process returns control to the web application manager (step 803). 

FIG. 9 depicts an example of an install document of an application used in 
accordance with the present invention to property install this apphcation. As depicted by 

25 FIG. 9, the install document of an application may include, but is not limited to, general 
information, various required components, dependency information, registry information, 
short cut information, storage quota, and security settings of this apphcation. 
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Those skilled in the art will appreciate that the general information of an 
application may include, for example, the Global Unique ID, title, author, description, 
versions of this application. The required components of an appUcation may include, for 
example, the icon of this application, HTML pages, scripts, and other documents required 
5 to run this application. The dependency information of an appHcation may include, for 

example, all applications that this application depends on in order to execute. The 
registry information of an application may include, for example, all registry entries 
required for this application to execute properly. The short cuts for an application may 
include, for example, the directory or the location in the storage management system in 

10 which this application is to be stored, as well as all the links in the operating system 

graphic user interface from which the icon of this appHcation is visible and can be used to 
directly invoke the running of this application. The storage quota for an application may 
include, for example, information that limits the maximum disk space which this 
appHcation may use. The security information for an appHcation may include, for 

15 example, the abilities of this appHcation to access operating system resources, such as, for 

example, the abilities to spawn new processes, to connect to certain external hosts, to 
execute dynamic link library calls, to access file I/O (inputs/outputs), to create short-cuts 
and to access network and interface ports. The install document may also include 
pre-install and post-install scripts which are logic in the form of scripting language that is 

20 required to execute before and after the installation, respectively. 

FIG. 10 depicts an example of the tasks performed by an install manager of the 
present invention. As depicted by FIG. 10, to install an appHcation, the install manager 
or program 1003 of the present invention takes two inputs: the application to be installed 
(block 1001) and the install document for this appHcation (block 1002). Next, the install 

25 program 1003 sets up each setting in the install document of this application (e.g., general 

information, components, dependency, etc.) in order to estabHsh an operating system 
environment or context 1004 under which this application can be properly executed. 
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FIG. 1 1 is an example depicting how the install manager 1 103 having the features 
of the present invention can be deployed to create or update an install document 1 104 for 
an application. As depicted by FIG. 1 1, an install document 1 104 for an application can 
be downloaded from a network such as the Internet 1101. It can also be installed through 

5 storage media such as diskettes or CD-ROMs 1 102. The install manager can also provide 

a graphic interface 1 105 for the system administrator 1 106 to configure an existing install 
document 1104. Those skilled in the art will appreciate that the install document for an 
apphcation can be written in a data modeling language such as XML that is widely used 
for modeling electronic documents. 

10 Referring now to FIG. 12, the dependency installation feature of an install 

manager of the present invention is shown. As depicted in FIG. 12, the install manager 
first checks the install document of the application to be installed (step 1201) to see if any 
applications this target application depends on are no yet installed (step 1202). If an 
apphcation the target apphcation depends on is not installed, the install manager may 

15 display a message about the "depended" apphcation and ask for the user's confirmation 

to install this "depended" apphcation first (step 1204). If the user confirms (step 1206), 
the install manager may go to the network to retrieve and install this "depended" 
application or asks the user to enter the proper portable storage media such as diskettes or 
CD-ROMs to install it (step 1207). If the user dechnes to install this "depended" 

20 application, the install manager terminates the installation process (step 1205). If all 

apphcations that the target apphcation depends on are installed (step 1202), the install 
manager installs the target apphcation (step 1203) before it terminates the installation 
process (step 1205). 

FIG. 13 depicts the security context of traditional apphcations, e.g., applications 
25 written in traditional 3GL/4GL programming languages. The security context of a 

traditional application is the limits of access to the operating system resources this 
application is restricted to. Traditional apphcations typically call operating system APIs 
to access operating system resources. As depicted by FIG. 13, traditional applications 
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1301 can call file I/O APIs to access the file system 1302. They can call network APIs to 
access the operating system's network services 1303. For process management, the 
applications may call process APIs to request operating system's process management 
services 1304. They can also call other operating systems' APIs to access other services 
5 provided by the operating systems. In general, in this type of system, the security context 

for an application is the entire operating system 1305. 

In this security model, it is possible that a traditional application can, 
inadvertently or maliciously, damage not only its own data but those of other applications 
that share the same computer system through the call of operating system APIs. 

10 FIG. 14 depicts the security context of virtual machine (VM) based apphcations. 

As depicted in FIG. 14, direct calling of operating system 1406 APIs from the 
applications is eliminated. Instead, applications 1401 request system resources through 
calls made to the virtual machine 402. It is the virtual machine 1402 that makes the 
operating systems' APIs access operating system services such as the file system 1403, 

15 network services 1404, process services 1405, and other operating system services on 

behalf of the apphcations. 

In a virtual machine environment, such as the Java Virtual Machine, the security 
context of an apphcation (such as a Java program) is therefore defined by the virtual 
machine. A misbehaving application thus can only create external damage allowable by 

20 the virtual machine. However, there can be many different types of applications running 

on the same virtual machine and while each one of them may have a different security 
need, they are forced to run under the same security context (that defined by the virtual 
machine). 

Referring now to FIG. 15, an example of an architecture of a security 
25 management system of the present invention is shown. As depicted by the example in 

FIG. 15, instead of sharing one security context, apphcations each may have a unique hst 
of security settings that define the security context for each application. In FIG. 15, the 
security context for apphcation 1 (1503) is defined by security settings 1 (1504); the 
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security context for application 2 (1502) is defined by security settings 2 (1505); and the 
security context for application 3 (1503) is defined by security settings 3 (1506). 

Based on this preferred embodiment of the present invention, appHcations calls 
that request operating system 1511 resources from the appUcations go through the 

5 application manager 1507 for security filtering. For example, upon receiving a call from 

appUcation 1 (1501), the application manager 1507 checks the security settings of this 
application (1504) and makes sure that this call does not violate any of the security 
settings before it can be executed. The security filtered calls may then be passed onto the 
APIs associated with the file system 1508, the network services 1509 and the process 

1 0 services 1 5 1 0 of the operating system 1511. 

FIG, 16 depicts a security filtering process of the application manager (1507 in 
FIG. 15) having the features of the present invention. As depicted by FIG. 16, the 
application manager first receives a call from an application (step 1601). Next, it checks 
the security settings of this application for this call (step 1602). 

15 If a violation against the security settings exists for this call (step 1603), the 

application manager may initiate a security exception handhng step (step 1604) before it 
terminates the process (step 1606) without executing this call. A typical action to handle 
an exception may be to display an error message and then exit the processing for the 
application that caused this exception. If no violations exist (step 1603), the application 

20 manager processes this call by executing operating system APIs (step 1605) before it 

terminates the process (step 1606). 

Referring to FIG. 17, an architecture is shown of a web caching system deployed 
by state-of-the-art browsers in processing apphcations which comprise web pages. As 
depicted in FIG. 17, a user 1707 may use the browser 1704 to process applications (1701, 

25 1702), such as a web-based onhne purchasing application, or to simply display Web 

pages. The web caching system in this model is based on one cache 1705 for all HTTP 
web objects displayed through this browser 1704, 
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Based on this model, when the user requests a HTTP web object through the web 
browser 1704, the browser first checks its cache 1705 to see if the requested web object 
exists in the cache (as shown, the web browser and cache are associated with operating 
system 1706). If so, the browser retrieves this object from the cache. If not, the browser 
goes to the source host of this object on the Internet 1703 and retrieves it through the 
Internet. In this case, the browser may also insert this newly retrieved object in its cache. 

For web browsers and web proxies that deploy a conventional web caching 
system, such as the one depicted in FIG. 17, certain strategies may be used to remove 
objects from the cache that are deemed out of date. One strategy may be to retrieve the 
meta-data from the Internet source of the requested object and compare that with the 
meta-data of the same data in the cache to determine if the cached one is outdated. 
Another strategy may be to set a time window and to re-retrieve or to process the 
meta-data comparison based on the above strategy for any objects that have been cached 
longer than this time window. A third strategy may be to do nothing and only to retrieve 
an object through the Internet if it is not found in the cache or when the user requests so 
by pressing the Reload button on the browser screen. 

It is to be appreciated that cache coherency algorithms are not a feature of the 
present invention, hence any reasonable cache coherency algorithm can be deployed by a 
web caching system of the present invention, as explained below in the context of FIG. 
18. 

FIG. 18 depicts an architecture of a web caching system of the present invention. 
As depicted in FIG. 18, web objects (1801) are retrieved via the Internet by the web 
application manager (1804). For each web application (1802 or 1803), the web 
apphcation manager creates a separate web cache (1807 or 1808). In a preferred 
embodiment of the present invention, the web cache for an apphcation contains two 
pools, one for HTTP objects and the other one for non-HTTP objects. In this preferred 
embodiment, the web apphcation manager runs a separate copy of the web browser 
software for each web application, and uses the web browser's web caching system to 
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cache HTTP objects for each appUcation. Those skilled in the art can appreciate that 
browser software can be incorporated by the present invention using various methods, 
including for example hnking and invoking APIs calls they provide or incorporating their 
source code for compilation. Alternatively, the web application manager can be 
5 developed with the capabiUties to create and manage a cache for HTTP objects for each 

application without the incorporation of the browser's caching system. 

In a preferred implementation of the present invention, the web application 
manager provides cache management APIs to web applications to let them manage their 
own caches for non-HTTP objects. Each web application can manage a separate cache 
10 for non-HTTP web objects by issuing these cache management APIs. Upon receiving 

these API calls, the web application manager may then, on behalf of the application 
issuing these calls, conduct cache management tasks directly using the native operating 
system 1809 APIs. 

FIG. 19 depicts an example of an HTTP web object retrieval process of a web 
15 appUcation manager having the features of the present invention. As depicted by FIG. 

19, the web application manager first receives a request for an HTTP web object from an 
application (step 1901). Next, the web application manager invokes web browser 
software to retrieve this HTTP web object (step 1902). The web browser will retrieve 
this HTTP web object by first checking its web cache 1907. If the web browser returns 
20 an exception in retrieving this object (step 1903), the web appUcation manager invokes 

the exception handling process (step 1904) before it terminates the process (step 1906). 
If no exception occurred (step 1903), the web application manager sends the object 
returned by the browser to the requesting application (step 1905) and then terminates the 
process (step 1906). 

25 FIG. 20 depicts a process of the web appUcation manager of the present invention 

that executes non-HTTP web object cache management APIs. According to the present 
invention, a web application manages its own non-HTTP web object cache by calling 
cache management APIs. As depicted in FIG. 20, upon receiving a cache management 
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API call (step 2001), the web application manager first checks to see if this API call will 
result in any violations against the cache settings for the application that issues this call 
(step 2002). For example, a cache violation may be caused by a cache management API 
requesting space for its non-HTTP object cache that will resuU in the total storage space 
for the whole application exceeding that allowed for this apphcation. 

If a violation occurs (step 2003), the web application manager invokes the 
exception handling process (step 2004) to handle this violation. A typical action may be 
to display an error message and then exit the processing for the application that caused 
this error. Next, if no violations occur (step 2003), the web application manager 
processes this API by executing native operating system APIs (step 2005) that directly 
manage the non-HTTP object cache 2008 for this application. Next, if any exceptions 
exist during the cache management (step 2006), the exception handling process is 
invoked (step 2004). Otherwise, the API processing is complete and the process 
terminates (step 2007). 

Although illustrative embodiments of the present invention have been described 
herein with reference to the accompanying drawings, it is to be understood that the 
invention is not limited to those precise embodiments, and that various other changes and 
modifications may be affected therem by one skilled in the art without departing from the 
scope or spirit of the invention. 
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Claims 

What is claimed is: 

1. A method of generating a web-based appHcation, the method comprising the 
steps of: 

5 composing one or more web pages in accordance with a scripting language to 

form the application; 

embedding one or more extended function calls in the one or more web pages in 
accordance with the scripting language such that the application, when executed by a 
computer system in which the application is installed, has access to one or more non-web 
10 browser context-based operating system resources associated with the computer system 
through the one or more extended function calls. 

2. The method of claim 1, wherein the one or more embedded extended function 
calls cause one or more operating system application programming interfaces to be 
executed in order to access the one or more non-web browser context-based operating 

1 5 system resources . 

3. The method of claim 1, wherein the scripting language includes code for 
accessing one or more web browser context-based operating system resources associated 
with the computer system. 

4. Apparatus for processing a web-based application in accordance with a 
20 computer system, the apparatus comprising: 

at least one processor operative to: (i) obtain the web-based application, wherein 
the appUcation is composed of one or more web pages and has access to one or more 
non-web browser-based operating system resources associated with the computer system; 
(ii) interpret scripting language associated with the one or more web pages of the 
25 application; and (iii) convert one or more calls embedded in the interpreted scripting 
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language associated with the one or more web pages into code that executes one or more 
appHcation programming interfaces so as to access the one or more non-web 
browser-based operating system resources associated with the computer system. 

5. The apparatus of claim 4, wherein the at least one processor is further operative 
5 to interpret scripting language code for accessing one or more web browser context-based 

operating system resources associated with the computer system. 

6. A software system for processing a web-based application in accordance with a 
computer system, the software system comprising: 

an appHcation manager that manages a hfe-cycle associated with the web-based 
1 0 application in accordance with the computer system, wherein the appUcation is composed 

of one or more web pages and has access to one or more non-web browser-based 

operating system resources associated with the computer system; 

a scripting language interpreter that interprets scripting language associated with 

the one or more web pages of the application; and 
1 5 an operating system interface module which converts one or more calls embedded 

in the interpreted scripting language associated with the one or more web pages into code 

that executes one or more application programming interfaces so as to access the one or 

more non-web browser-based operating system resources associated with the computer 

system. 

20 

7. The software system of claim 6, fiuther comprising a web browser to at least 
one of retrieve web objects, send web requests, and provide a graphical user interface in 
accordance with the execution of the web-based application. 
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8. The software system of claim 6, further comprising a data modehng language 
parser to decode information in the web-based application written in a corresponding data 
modeling language. 

9. The software system of Clam 8, wherein the data modeling language parser is 
5 an XML parser. 

10. The software system of Clam 6, wherein the scripting language interpreter 
parses the one or more calls embedded in the scripting language and the application 
manager executes the one or more parsed calls in association with the operating system 
interface module to invoke code associated with the operating system application 

1 0 programming interfaces for the one or more calls. 

1 1 . The software system of claim 6, wherein the scripting language is JavaScript. 

12. The software system of clam 6, wherein the scripting language interpreter is a 
JavaScript interpreter. 

13. The software system of clam 6, further comprising a web browser and a data 
15 modeling language parser, wherein the application manager is operative to: (i) process 

code in each web page of the application; (ii) invoke the web browser to process code that 
is of a visual presentation type; (iii) invoke the data modeling language parser to parse 
code that is of a data modeling language type; (iv) invoke the scripting language 
interpreter to parse code that is of the scripting language type such that the scripting 
20 language interpreter may execute code that is of the original scripting language type used 
by the web browser; and (v) invoke the operating system interface module to execute 
code, successfully parsed by the scripting language mterpreter, that executes the one or 
more application programming interfaces. 
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14. A method of installing web-based applications in a computer system, the 
method comprising the steps of: 

obtaining a web-based apphcation and an install document associated with the 
appHcation, the install document including one or more installation settings and 
5 associated values specific to the application and the install document written in a 

particular data modeling language; 

decoding the one or more installation settings and associated values of the install 
document; 

establishing an operating system environment using the one or more decoded 
10 installation settings and associated values in which the apphcation can be properly 

executed in accordance with the computer system; and 
installing the apphcation in the computer system. 

15. The method of claim 14, wherein the install document includes at least one of 
15 general information, component information, dependency information, registry 

information, short cut information, storage quota information, security information, a 
pre-installation script and a post-installation script. 

16. The method of claim 14, wherein the particular data modeUng language in 
which the install document is modeled in is XML. 

20 17. The method of claim 14, wherein the obtaining step comprises downloading 

the install document from a network. 

18. The method of claim 14, wherein the obtaining step comprises retrieving the 
install document firom the Intemet. 
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19. The method of claim 14, wherein the obtaining step comprises obtaining the 
install document from a portable storage medium. 

20. The method of claim 14, wherein at least one of the settings in the install 
document relates to dependency information indicating whether the appUcation being 

5 installed depends on one or more other apphcations. 

21. The method of Claim 20, further comprising the step of configuring the 
dependency setting in the install document by: (i) determining whether the one or more 
other applications upon which the application depends have been previously installed; (ii) 

10 when the one or more other apphcations upon which the apphcation depends have not 

been previously installed, installing the one or more applications before installing the 
application. 

22. The method of claim 21, wherein the dependency setting configuration step 
15 further includes prompting a user to confirm or decline installation of the one or more 

other applications upon which the apphcation depends, prior to installing the one or more 
other applications, 

23. The method of claim 14, further comprising the step of permitting 
modification of the install document. 

20 24. Apparatus for installing web-based applications in a computer system, the 

apparatus comprising: 

at least one processor operative to: (i) obtain a web-based application and an 
install document associated with the application, the install document including one or 
more installation settings and associated values specific to the application and the install 

25 document written in a particular data modeling language; (ii) decode the one or more 
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installation settings and associated values of the install document; (iii) establish an 
operating system environment using the one or more decoded installation settings and 
associated values in which the application can be properly executed in accordance with 
the computer system; and (iv) install the apphcation in the computer system. 

5 

25. A software system for instaUing web-based apphcations in a computer 
system, the software system comprising: 

an apphcation installation manager operative to: (i) obtain a web-based 
application and an install document associated with the apphcation, the install document 

10 including one or more installation settings and associated values specific to the 

apphcation and the install document written in a particular data modeling language; (ii) 
decode the one or more installation settings and associated values of the install document; 
(iii) establish an operating system environment using the one or more decoded 
installation settings and associated values in which the apphcation can be properly 

15 executed in accordance with the computer system; and (iv) install the application in the 

computer system. 

26. Apparatus for providing security management with respect to web-based 
applications running on a computer system, the apparatus comprising: 

at least one processor operative to: (i) obtain a set of security settings for each 
20 web-based application to be accessed on the computer system; and (ii) monitor whether 

the execution of each web-based application violates the security settings associated 
therewith. 

27. The apparatus of claim 26, wherein each set of security settings is unique. 



YOR9-1999-0457-US1 



31 



28. The apparatus of claim 26, wherein at least one of the web-based applications 
is composed of one or more web pages and has access to one or more non-web 
browser-based operating system resources associated with the computer system. 

29. A software system for providing security management with respect to 
5 web-based applications running on a computer system, the software system comprising: 

a set of security settings for each web-based apphcation installed on the computer 
system; and 

an application manager to: (i) obtain the set of security settings for each 
web-based application; and (ii) monitor whether the execution of each web-based 
10 apphcation violates the security settings of the application. 

30. The software system of claim 29, wherein each set of security settings is 

unique. 

31. The software system of claim 29, wherein at least one of the web-based 
applications is composed of one or more web pages and has access to one or more 

1 5 non-web browser-based operating system resources associated with the computer system. 

32. The software system of claim 29, wherein the security settings of an 
application may relate to one or more of: (i) a disk quota for the application; (ii) an abihty 
to spawn processes; (iii) an ability to access certain external hosts; (iv) an ability to 
access certain operating system resources; (v) an abihty to call dynamic link library calls; 

20 and (vi) an abihty to create short-cuts. 

33. The software system of claim 29, wherein the monitoring operation 
performed by the application manager comprises: (i) retrieving the security settings for 
the application to be processed; (ii) calling a script interpreter to parse each call in the 
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application; (iii) for each call, checking the security settings of the appHcation to 
determine whether a violation occurs; (iv) if a violation occurs, executing an exception 
handling process; (v) if no violation occurs, executing the call by one of calling the script 
interpreter or by calling one or more operating system appUcation programming 
5 interfaces associated with the computer system. 

34. The software system of claim 33, wherein a script associated with the 
application is JavaScript and the script interpreter is a JavaScript interpreter. 

35. The software system of claim 29, fiirther comprising a data modeling 
language parser such that the security settings can be encoded using a corresponding data 

1 0 modeling language. 

36. The software system of claim 35, wherein the data modeling language is 

XML. 

37. The software system of claim 29, wherein the application manager is further 
operative to permit modification of the sets of security settings. 

15 38. Apparatus for providing cache management with respect to web-based 

applications running on a computer system, the apparatus comprising: 

at least one processor operative to: (i) retrieve a web-based object from one of a 
network and a cache in response to a request from a web-based application running on the 
computer system; and (ii) provide a cache management application programming 

20 interface for managing a cache of non- web-based objects in response to a request from a 

web-based application running on the computer system. 
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39. The apparatus of claim 38, wherein the at least one processor is further 
operative to utilize a web browser to retrieve the requested web-based object from one of 
the network and the cache. 

40. The apparatus of claim 38, wherein, in accordance with the at least one 
5 processor, the web-based application has a cache portion for maintaining web-based 

objects and a cache portion for maintaining non-web-based objects associated therewith. 

41. The apparatus of claim 38, wherein the cache management application 
programming interface is implemented in accordance with a scripting language associated 
with a web-based application. 

10 42. The apparatus of claim 41, wherein the scripting language is JavaScript. 

43. A software system for providing cache management with respect to 
web-based applications running on a computer system, the software system comprising: 

an appHcation manager operative to: (i) retrieve a web-based object from one of a 
network and a cache in response to a request from a web-based appUcation rurming on the 
15 computer system; and (ii) provide a cache management application programming 

interface for managing a cache of non-web-based objects in response to a request from a 
web-based appUcation running on the computer system. 

44. The software system of claim 43, wherein the application manager is fiirther 
operative to utihze a web browser to retrieve the requested web-based object from one of 

20 the network and the cache. 
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45. The software system of claim 43, wherein, in accordance with the application 
manager, the web-based application has a cache portion for maintaining web-based 
objects and a cache portion for maintaining non-web-based objects associated therewith. 

46. The software system of claun 43, wherein the cache management application 
programming interface is implemented in accordance with a scripting language associated 
with a web-based application. 

47. The software system of claim 46, wherein the scripting language is 
JavaScript. 
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METHODS AND APPARATUS FOR A WEB APPLICATION PROCESSIN G 

SYSTEM 



Abstract of the Disclosure 

A software system is provided to allow a computer to install and process web 
applications according to the invention. Such web applications are written as web pages 
that have access to the full range of operating system resources, including those not 
accessible through a web browser. Preferably, a web application is built using three types 
of languages used for constructing web pages, namely: (a) a visual presentation language; 
(2) a data modeling language; and (3) a scripting language for embedding logic. The 
software system preferably comprises a web application manager, an operating system 
interface module, a scripting language interpreter, and optionally a web browser and/or a 
data modeling language processor. Various other features such as data caching and 
security filtering are provided in accordance with such a system. 

1500-n9.APP 
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